@c-time/frelio-cms 1.3.6 → 1.3.7

package/functions/api/auth/callback.ts

@@ -0,0 +1,138 @@
+interface Env {
+  GITHUB_CLIENT_ID?: string
+  GITHUB_CLIENT_SECRET: string
+  VITE_GITHUB_CLIENT_ID?: string
+}
+
+function errorHtml(title: string, message: string): string {
+  return `<!DOCTYPE html>
+<html lang="ja">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>${title} - Frelio</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+      background: #f5f5f5;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      color: #333;
+    }
+    .card {
+      background: #fff;
+      border-radius: 12px;
+      box-shadow: 0 2px 12px rgba(0,0,0,0.1);
+      padding: 40px;
+      max-width: 480px;
+      width: 90%;
+      text-align: center;
+    }
+    .icon {
+      font-size: 48px;
+      margin-bottom: 16px;
+    }
+    h1 {
+      font-size: 20px;
+      font-weight: 600;
+      margin-bottom: 12px;
+    }
+    p {
+      font-size: 14px;
+      color: #666;
+      line-height: 1.6;
+      margin-bottom: 24px;
+    }
+    a {
+      display: inline-block;
+      background: #1976d2;
+      color: #fff;
+      text-decoration: none;
+      padding: 10px 24px;
+      border-radius: 6px;
+      font-size: 14px;
+      font-weight: 500;
+      transition: background 0.2s;
+    }
+    a:hover { background: #1565c0; }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <div class="icon">⚠️</div>
+    <h1>${title}</h1>
+    <p>${message}</p>
+    <a href="/">ダッシュボードに戻る</a>
+  </div>
+</body>
+</html>`
+}
+
+export const onRequestGet: PagesFunction<Env> = async (context) => {
+  const url = new URL(context.request.url)
+  const code = url.searchParams.get('code')
+
+  if (!code) {
+    return new Response(
+      errorHtml('認証エラー', '認証コードが見つかりませんでした。ダッシュボードに戻って再度ログインしてください。'),
+      { status: 400, headers: { 'Content-Type': 'text/html; charset=utf-8' } },
+    )
+  }
+
+  const clientId =
+    context.env.GITHUB_CLIENT_ID || context.env.VITE_GITHUB_CLIENT_ID
+
+  if (!clientId) {
+    return new Response(
+      errorHtml('サーバー設定エラー', 'サーバーの設定に問題があります。管理者にお問い合わせください。'),
+      { status: 500, headers: { 'Content-Type': 'text/html; charset=utf-8' } },
+    )
+  }
+
+  try {
+    const tokenResponse = await fetch(
+      'https://github.com/login/oauth/access_token',
+      {
+        method: 'POST',
+        headers: {
+          Accept: 'application/json',
+          'Content-Type': 'application/json',
+        },
+        body: JSON.stringify({
+          client_id: clientId,
+          client_secret: context.env.GITHUB_CLIENT_SECRET,
+          code,
+        }),
+      },
+    )
+
+    const tokenData = (await tokenResponse.json()) as {
+      access_token?: string
+      error?: string
+      error_description?: string
+    }
+
+    if (tokenData.error) {
+      return new Response(
+        errorHtml(
+          '認証に失敗しました',
+          '認証コードが無効または期限切れです。ダッシュボードに戻ってブラウザをリロードし、再度ログインしてください。',
+        ),
+        { status: 400, headers: { 'Content-Type': 'text/html; charset=utf-8' } },
+      )
+    }
+
+    // Redirect to frontend callback with token
+    const origin = url.origin
+    const redirectUrl = `${origin}/auth/callback?token=${tokenData.access_token}`
+    return Response.redirect(redirectUrl, 302)
+  } catch {
+    return new Response(
+      errorHtml('認証エラー', '認証処理中にエラーが発生しました。ダッシュボードに戻って再度ログインしてください。'),
+      { status: 500, headers: { 'Content-Type': 'text/html; charset=utf-8' } },
+    )
+  }
+}

package/functions/api/storage/_middleware.ts

@@ -0,0 +1,76 @@
+/**
+ * Storage API Middleware - 認証 + CORS + DI
+ *
+ * /api/storage/* の全リクエストに対して実行される。
+ * FileController を組み立てて context.data に渡す。
+ */
+
+import { FileController } from '../../../../../workers/file-upload/src/controller/FileController'
+import { AuthError } from '../../../../../workers/file-upload/src/domain/AuthEntity'
+import { logger } from '../../../../../workers/file-upload/src/infra/LoggerSingleton'
+import { HttpPresenterImpl } from '../../../../../workers/file-upload/src/presenter/HttpPresenterImpl'
+import { GitHubAuthRepositoryImpl } from '../../../../../workers/file-upload/src/repository/GitHubAuthRepositoryImpl'
+import { R2RepositoryImpl } from '../../../../../workers/file-upload/src/repository/R2RepositoryImpl'
+import { ValidateAuthUseCase } from '../../../../../workers/file-upload/src/usecase/ValidateAuthUseCase'
+
+interface Env {
+  R2: R2Bucket
+  R2_PUBLIC_URL: string
+  ALLOWED_ORIGINS?: string
+}
+
+type DataWithController = {
+  controller: FileController
+}
+
+export const onRequest: PagesFunction<Env, string, DataWithController> = async (context) => {
+  const requestId = crypto.randomUUID().slice(0, 8)
+  logger.setRequestId(requestId)
+
+  try {
+    // CORS ヘッダー構築
+    const origin = context.request.headers.get('Origin') ?? ''
+    const allowedOrigins = context.env.ALLOWED_ORIGINS?.split(',').map((s) => s.trim()) ?? []
+    // Pages Functions では同一オリジンも許可
+    const isSameOrigin = origin === new URL(context.request.url).origin
+    const matchedOrigin = isSameOrigin || allowedOrigins.includes(origin) ? origin : null
+    const corsHeaders = {
+      'Access-Control-Allow-Origin': matchedOrigin ?? '',
+      'Access-Control-Allow-Methods': 'GET, POST, PATCH, DELETE, OPTIONS',
+      'Access-Control-Allow-Headers': 'Content-Type, Authorization',
+      Vary: 'Origin',
+    }
+
+    // CORS プリフライト
+    if (context.request.method === 'OPTIONS') {
+      return new Response(null, { headers: corsHeaders })
+    }
+
+    // 認証
+    const authRepository = new GitHubAuthRepositoryImpl()
+    const validateAuth = new ValidateAuthUseCase(authRepository)
+    const presenter = new HttpPresenterImpl(corsHeaders)
+    try {
+      await validateAuth.execute(context.request.headers.get('Authorization'))
+    } catch (error) {
+      if (error instanceof AuthError) {
+        return presenter.unauthorized(error.message)
+      }
+      throw error
+    }
+
+    // DI: FileController を組み立てて context.data に渡す
+    const r2Repository = new R2RepositoryImpl(context.env.R2, context.env.R2_PUBLIC_URL)
+    context.data.controller = new FileController(r2Repository, corsHeaders)
+
+    return await context.next()
+  } catch (error) {
+    logger.error('StorageMiddleware', 'Unhandled error', { error })
+    return new Response(JSON.stringify({ error: (error as Error).message }), {
+      status: 500,
+      headers: { 'Content-Type': 'application/json' },
+    })
+  } finally {
+    logger.clearRequestId()
+  }
+}

package/functions/api/storage/files/[uuid].ts

@@ -0,0 +1,35 @@
+/**
+ * /api/storage/files/:uuid
+ *   GET    - ファイル情報
+ *   PATCH  - メタデータ更新
+ *   DELETE - ファイル削除
+ */
+
+import type { FileController } from '../../../../../../workers/file-upload/src/controller/FileController'
+
+interface Env {
+  R2: R2Bucket
+  R2_PUBLIC_URL: string
+}
+
+type Data = {
+  controller: FileController
+}
+
+type Params = 'uuid'
+
+export const onRequestGet: PagesFunction<Env, Params, Data> = async (context) => {
+  const uuid = context.params.uuid as string
+  return context.data.controller.handleGetFile(uuid)
+}
+
+export const onRequestPatch: PagesFunction<Env, Params, Data> = async (context) => {
+  const uuid = context.params.uuid as string
+  return context.data.controller.handleUpdateFileMetadata(uuid, context.request)
+}
+
+export const onRequestDelete: PagesFunction<Env, Params, Data> = async (context) => {
+  const uuid = context.params.uuid as string
+  const url = new URL(context.request.url)
+  return context.data.controller.handleDeleteFile(uuid, url)
+}

package/functions/api/storage/list.ts

@@ -0,0 +1,19 @@
+/**
+ * GET /api/storage/list - ファイル一覧
+ */
+
+import type { FileController } from '../../../../../workers/file-upload/src/controller/FileController'
+
+interface Env {
+  R2: R2Bucket
+  R2_PUBLIC_URL: string
+}
+
+type Data = {
+  controller: FileController
+}
+
+export const onRequestGet: PagesFunction<Env, string, Data> = async (context) => {
+  const url = new URL(context.request.url)
+  return context.data.controller.handleListFiles(url)
+}

package/functions/api/storage/rebuild/[year].ts

@@ -0,0 +1,27 @@
+/**
+ * POST /api/storage/rebuild/:year - インデックス再構築
+ */
+
+import type { FileController } from '../../../../../../workers/file-upload/src/controller/FileController'
+
+interface Env {
+  R2: R2Bucket
+  R2_PUBLIC_URL: string
+}
+
+type Data = {
+  controller: FileController
+}
+
+type Params = 'year'
+
+export const onRequestPost: PagesFunction<Env, Params, Data> = async (context) => {
+  const year = parseInt(context.params.year as string)
+  if (isNaN(year)) {
+    return new Response(JSON.stringify({ error: 'Invalid year' }), {
+      status: 400,
+      headers: { 'Content-Type': 'application/json' },
+    })
+  }
+  return context.data.controller.handleRebuildIndex(year)
+}

package/functions/api/storage/upload-set.ts

@@ -0,0 +1,18 @@
+/**
+ * POST /api/storage/upload-set - 画像セットのアップロード
+ */
+
+import type { FileController } from '../../../../../workers/file-upload/src/controller/FileController'
+
+interface Env {
+  R2: R2Bucket
+  R2_PUBLIC_URL: string
+}
+
+type Data = {
+  controller: FileController
+}
+
+export const onRequestPost: PagesFunction<Env, string, Data> = async (context) => {
+  return context.data.controller.handleUploadSet(context.request, context)
+}

package/functions/api/storage/upload.ts

@@ -0,0 +1,18 @@
+/**
+ * POST /api/storage/upload - 単一ファイルのアップロード
+ */
+
+import type { FileController } from '../../../../../workers/file-upload/src/controller/FileController'
+
+interface Env {
+  R2: R2Bucket
+  R2_PUBLIC_URL: string
+}
+
+type Data = {
+  controller: FileController
+}
+
+export const onRequestPost: PagesFunction<Env, string, Data> = async (context) => {
+  return context.data.controller.handleUpload(context.request)
+}

package/functions/api/storage/years.ts

@@ -0,0 +1,18 @@
+/**
+ * GET /api/storage/years - 利用可能な年一覧
+ */
+
+import type { FileController } from '../../../../../workers/file-upload/src/controller/FileController'
+
+interface Env {
+  R2: R2Bucket
+  R2_PUBLIC_URL: string
+}
+
+type Data = {
+  controller: FileController
+}
+
+export const onRequestGet: PagesFunction<Env, string, Data> = async (context) => {
+  return context.data.controller.handleGetYears()
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@c-time/frelio-cms",
-  "version": "1.3.6",
+  "version": "1.3.7",
   "description": "Frelio CMS Admin - pre-built static bundle for 1-repo setup",
   "license": "MIT",
   "repository": {
@@ -12,14 +12,17 @@
     "access": "public"
   },
   "files": [
-    "dist"
+    "dist",
+    "functions",
+    "workers"
   ],
   "type": "module",
   "scripts": {
     "dev": "vite",
     "dev:full": "wrangler pages dev --compatibility-date=2024-01-01 -- vite",
     "build": "vite build",
-    "prepublishOnly": "vite build",
+    "prepublishOnly": "vite build && cp -r ../../workers ./workers",
+    "postpublish": "rm -rf ./workers",
     "preview": "vite preview",
     "typecheck": "tsc --noEmit",
     "test": "vitest",